In article <013173C7-6AEC-4C2D-9EB7-84C873C89028 at googlemail.com>, Leon Fauster <leonfauster at googlemail.com> wrote: > Am 18.08.2015 um 11:27 schrieb lhecking at users.sourceforge.net: > > > >> Maybe so, but still a side issue. Openssl 0.9.8e was recently updated. > >> Some change in this update has broken something. I would like to understand > >> what, and so ought the package maintainers. C5 isn't EOL until March 2017. > > > > rpm -q --changelog openssl-0.9.8e. You weren't clear which version you > > upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1 > > (from March 2014, nevertheless), which works. > > > > I would hazard a guess that this is the change causing your problem. > > > > * Fri Jun 26 2015 Tomas Mraz <tmraz at redhat.com> 0.9.8e-36 > > - also change the default DH parameters in s_server to 1024 bits > > > > Here's some more info, > > > > https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ > > > > RH must have backported this fix to 0.9.8e. > > > > There seem to be many reports out there that the openssl update broke mysql, > > but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1, > > so you're most likely on your own. I'm quite ignorant of mysql, but it looks > > like you may be able to get this to work again by changing the cipher in mysql > > and regenerating your cert. > > > > https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4 > > > > > http://lists.centos.org/pipermail/centos/2015-July/153753.html Cool - that looks like the answer. Just tried it successfully. Many thanks! Tony -- Tony Mountifield Work: tony at softins.co.uk - http://www.softins.co.uk Play: tony at mountifield.org - http://tony.mountifield.org